14:00:19 #startmeeting magnetodb
14:00:20 Meeting started Thu Nov 27 14:00:19 2014 UTC and is due to finish in 60 minutes. The chair is isviridov. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:21 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:23 The meeting name has been set to 'magnetodb'
14:00:33 Andrei V. Ostapenko proposed stackforge/magnetodb-specs: Adds table uuid in uri specification https://review.openstack.org/137336
14:00:42 It is holiday in US, so Symantec is not with us today
14:00:48 ikhudoshyn hi
14:00:55 dukhlov are you with us?
14:00:58 o/
14:01:12 ominakov o/
14:01:14 \o_
14:01:26 * isviridov strange smile...
14:02:01 Let us go through action items from last meeting
14:02:15 Andrei V. Ostapenko proposed stackforge/magnetodb-specs: Adds table uuid in uri specification https://review.openstack.org/137336
14:02:22 #topic Go through action items isviridov
14:02:38 o/
14:02:39 o/
14:02:46 hi
14:02:50 It seems the only one was to review RBAC implementation
14:03:01 rushiagr o/
14:03:16 aostapenko ikhudoshyn ajayaa dukhlov anything to discuss here?
14:03:33 #link https://review.openstack.org/#/c/124391/
14:04:16 There is a bug here. Unless we check the existence of a project with keystone, RBAC wouldn't work as expected.
14:04:53 ajayaa does it mean call to keystone on every request?
14:05:10 I am interested to know how other projects handle this situation, since most of other components work with project_ids in their URL.
14:05:25 isviridov, possibly!
14:05:50 * isviridov surprised
14:06:08 isviridov, Anyway by using keystone tokens we are making a call to keystone.
14:06:17 why is current approach not good?
14:06:19 What the thing is? Doesn't PKI token contain roles as well?
14:06:47 I mean checking that project_id == token's tenant
14:06:47 ajayaa it is expected to use PKI token and avoid call to ks
14:07:34 isviridov, PKI tokens are very long. Do you want the users to send an additional payload of 10 KB each time?
14:07:52 I think we discussed this sometime back.
14:08:37 dukhlov, In that case you wouldn't be allowing an admin access to projects other than project embedded in his token.
14:08:58 By admin, I mean someone who has access to all other projects.
14:09:02 ajayaa, clear
14:09:32 AFAIK, most of the deployments use UUID tokens as of now, isviridov
14:09:55 There was survey done by keystone-devs sometime back.
14:10:25 but I thought that admin role allows user to get token for any tenant and then send it to target service
14:10:27 ajayaa it was discussed before and we have decided that it is not bad, PKI token without catalog is not very long and is about 1KB
14:10:41 ajayaa: in fact we fought to avoid asking ks each time, so I think we do want PKI
14:11:18 maybe your approach is good, but anyway we need to check how other services like nova handle this
14:11:25 ikhudoshyn, sorry. perhaps I was not present in that discussion.
14:11:39 ajayaa: np, it's just fyi
14:11:44 dukhlov, exactly. Let me see!
14:12:17 move on?
14:13:42 #action ajayaa clarify auth in nova
14:13:46 ajayaa sounds good?
14:15:14 yes
14:15:17 isviridov
14:15:24 Ok, move on
14:15:38 #topic Authentication issues with monitoring API for third party services ominakov
14:16:13 ominakov?
14:17:07 I believe I can start on behalf of ominakov
14:17:28 yep, as you know we have some issues with monitoring api
14:17:45 Yeap, please go on
14:17:56 i describe issues and suggestions in https://blueprints.launchpad.net/magnetodb/+spec/api-uri-format-change
14:18:47 The thing is to make urls
14:18:50 v1/data//...
14:18:50 v1/monitoring//...
14:19:07 the different applications
14:19:19 looks good!
14:19:25 ikhudoshyn?
14:19:32 agree
14:20:04 i think, i can do this
14:20:12 ominakov bp has been approved. I believe documentation should be also updated.
14:20:22 isviridov, sure
14:21:01 dukhlov ikhudoshyn do we need spec for this?
14:21:26 just update existing docs
14:21:31 agree
14:22:03 BP with couple lines description would be enuff just to track activities
14:22:30 Ok, let us move on
14:22:54 I see no other topics in agenda except open discussion
14:22:59 #topic Open discussion isviridov
14:23:15 Let's see...
14:23:38 Why do we want to create a separate application for dynamodb-api?
14:23:38 aostapenko any progress with lookup table by uuid?
14:24:21 https://review.openstack.org/#/c/137336/ Here are specs
14:24:40 ajayaa in order to manage it separately during deployment. Balance requests, deploy on separate hardware so on.
14:24:48 we have already created separate application for magnetoDB as far as I know
14:24:58 ajayaa but it is nice to have
14:25:07 I mean WSGI application
14:26:36 dukhlov yes
14:26:53 and now we can deploy it with MagnetoDB API as composite application (using paste) or run as separate process
14:27:56 dukhlov, okay!
14:29:34 dukhlov with gunicorn deployment you are right, all port management is moved to higher level
14:29:58 dukhlov that is why it is nice to have
14:31:02 dukhlov I mean to say, that separate process is not needed in this case, but separate WSGI app is
14:31:58 aostapenko +2 to https://review.openstack.org/#/c/137336/
14:32:14 isviridov: at least we are providing deployment flexibility
14:32:24 dukhlov agree
14:33:45 Do we have anything else to discuss/highlight?
14:34:03 isviridov thanks
14:34:51 isviridov: not from my side
14:35:04 aostapenko ominakov ajayaa rushiagr?
14:35:23 no from me. Thanks
14:35:58 nope
14:36:10 Thanks everybody for coming
14:36:13 #endmeeting